Fully Automated Penetration Testing Doesn’t Exist! Know Your Options.
There has been a great deal of discussion of late regarding "Automated Penetration Testing" and "Manual Penetration Testing". Despite the encouragement by many vendors, automated penetration testing does not exist. The actions they describe are very close to what you would expect from "Vulnerability Scanning". This is important, as a consumer should know exactly what to expect from a vendor. Penetration Testing is the process of discovering and identifying vulnerabilities within the systems deployed by an organization, exploiting them to understand the level of potential threats those vulnerabilities might pose, and the damages that would be caused by a successful exploitation. A successful penetration test not only identifies the vulnerabilities but also finds different ways to exploit those vulnerabilities with the goal of determining the outcome of a successful exploitation. As a result, Penetration Testing is a complex and time-consuming, painstaking process. There are many reasons why conducting a proper…